📦 Zzcms
by Zzcms
⚠️ Known Vulnerabilities
An unauthenticated SQL injection vulnerability in ZZCMS front-end allows attackers to execute arbitrary SQL commands against the database. This affects all ZZCMS installations version 2023 and earlier...
ZZCMS 2023 contains a SQL injection vulnerability in the /q/show.php endpoint that allows attackers to execute arbitrary SQL commands. This affects all deployments of ZZCMS 2023 that have this endpoin...
ZZCMS 2023 has an unauthenticated file upload vulnerability that allows attackers to upload malicious files and execute arbitrary code on the server. This affects all systems running ZZCMS 2023 with t...
This SQL injection vulnerability in zzcms 2019 allows attackers to execute arbitrary SQL commands through the id parameter in /admin/dl_sendsms.php. This affects all zzcms 2019 installations with the ...
This SQL injection vulnerability in zzcms 2019 allows attackers to execute arbitrary SQL commands via the id parameter in dl/dl_print.php. Any system running the vulnerable version of zzcms is affecte...
This SQL injection vulnerability in ZZCMS 2021 allows attackers to execute arbitrary SQL commands through the askbigclassid parameter in /admin/ask.php. Attackers can potentially read, modify, or dele...
This vulnerability allows unauthenticated attackers to bypass authentication controls in zzcms by disabling JavaScript and directly accessing admin.php. Any organization running vulnerable versions of...
This SQL injection vulnerability in zzcms 2019 allows attackers to execute arbitrary SQL commands through the daohang or img POST parameters in user/ztconfig.php. This affects all systems running vuln...
CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain unauthorized administrative access through the /user/adv.php endpoint. This affects all users runni...
CVE-2025-0565 is a critical SQL injection vulnerability in ZZCMS 2023 that allows remote attackers to execute arbitrary SQL commands via the 'id' parameter in /index.php. This affects all ZZCMS 2023 i...
This critical vulnerability in ZZCMS 2023 allows remote attackers to perform path traversal attacks via the skin[] parameter in /admin/class.php?dowhat=modifyclass. This could enable unauthorized file...
This CSRF vulnerability in ZZCMS allows attackers to trick authenticated administrators into performing unauthorized actions, such as adding new admin accounts. It affects all ZZCMS versions up to and...
This SQL injection vulnerability in zzcms 2019 allows attackers with dls_print authority to execute arbitrary SQL commands via the dlid cookie in /dl/dl_sendmail.php. This can lead to data theft, modi...
This SQL injection vulnerability in zzcms 2019 allows authenticated administrators to execute arbitrary SQL commands through the /admin/showbad.php endpoint via the id parameter. Attackers with admin ...
This SQL injection vulnerability in zzcms 2019 allows authenticated attackers with download authority to execute arbitrary SQL commands through the id parameter in /user/dls_download.php. This affects...
This SQL injection vulnerability in zzcms 2019 allows attackers with dls_print authority to execute arbitrary SQL commands via the dlid cookie in /dl/dl_sendsms.php. This could lead to data theft, mod...
This SQL injection vulnerability in zzcms allows attackers to execute arbitrary SQL commands through the user registration functionality. It affects all zzcms installations running vulnerable versions...
An SQL injection vulnerability exists in zzcms versions 8.2, 8.3, 2020, and 2021 through the id parameter in admin/dl_sendmail.php. This allows attackers to execute arbitrary SQL commands on the datab...
This vulnerability in ZZCMS 2025 allows remote attackers to inject malicious code through the 'icp' parameter in the backend site configuration module. It affects administrators who can access the /ad...
This SQL injection vulnerability in ZZCMS 2023 allows remote attackers to execute arbitrary SQL commands through the 'keyword' parameter in /admin/wangkan_list.php. Attackers can potentially access, m...
This vulnerability in ZZCMS 2025 allows cross-site scripting (XSS) attacks through manipulation of the $_SERVER['PHP_SELF'] parameter in the /3/ucenter_api/code/register_nodb.php file. Attackers can i...
This critical vulnerability in ZZCMS 2023 allows remote attackers to upload arbitrary files without restrictions via the Ebak_SetGotoPak function. Attackers can exploit this to upload malicious files ...
This critical SQL injection vulnerability in ZZCMS 2023 allows remote attackers to execute arbitrary SQL commands through the phome parameter in the Ebak_DoExecSQL/Ebak_DotranExecutSQL functions. Atta...
This vulnerability in ZZCMS 2023 allows remote attackers to access sensitive information through the file 3/qq-connect2.0/API/com/inc.php. The information disclosure could expose system details, confi...
This is a reflected Cross-Site Scripting (XSS) vulnerability in ZZCMS that allows attackers to inject malicious scripts via the HTTP_Referer header. When exploited, it can lead to session hijacking, c...
This vulnerability allows unauthenticated attackers to access sensitive PHP environment information by visiting a specific URL with a query parameter. It affects ZZCMS v.2023 and earlier versions. The...
This vulnerability in ZZCMS 2023 allows remote attackers to disclose sensitive information by manipulating the 'phome' parameter in the 'eginfo.php' file. The information leak could expose system deta...
A reflected cross-site scripting (XSS) vulnerability in ZZCMS v2023 allows attackers to inject malicious scripts via the dl_liuyan_save.php component. When exploited, this enables arbitrary code execu...
This reflected XSS vulnerability in ZZCMS allows attackers to inject malicious JavaScript via the HTTP Referer header. When exploited, it can execute arbitrary code in victims' browsers, potentially l...
This vulnerability in ZZCMS 2025 allows attackers to store user data in cleartext on disk through the /reg/user_save.php file. Remote exploitation is possible, potentially exposing sensitive informati...